proactive-tasks
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill contains explicit instructions designed to override agent behavior and bypass context.
- Evidence: In
HEARTBEAT-CONFIG.md, the agent is told: "Follow it strictly. Do not infer or repeat old tasks from prior chats." and "💓 Heartbeat check: Read HEARTBEAT.md... Follow it strictly." - This mimics 'ignore previous instructions' and 'disregard prior rules' patterns intended to force the agent into an unrestricted execution mode.
- [COMMAND_EXECUTION] (HIGH): The skill documentation and configuration files (README.md, HEARTBEAT-CONFIG.md) repeatedly instruct the user and agent to establish persistence via system-level schedulers.
- Evidence: Commands like
*/30 * * * * /path/to/send-heartbeat.shand creating files in/etc/cron.d/proactive-daily-reminderare documented. - This allows the skill's scripts to execute autonomously and persistently on the host system without active user oversight.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill is hosted on and references an untrusted GitHub repository (
github.com/ImrKhn03/proactive-tasks) and encourages the installation of scripts from this source into the workspace. - [DATA_EXPOSURE] (LOW): The 'WAL Protocol' and 'SESSION-STATE.md' features described in the CHANGELOG and README create plaintext logs of all agent activities and 'active working memory'. While intended for resilience, these files create a significant surface for data exposure if the workspace is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata